Formal Metadata

CC Attribution - ShareAlike 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.

Content Metadata

OpenBSD introduced the signify tool to cryptographically sign and verify releases one year ago. I'll talk about the design and implementation of the tool, how the OpenBSD project uses it, the necessary changes to the release process to incorporate signify, and other lessons learned in the past year.

for signing and verifying cryptographic signatures are I wrote this tool for the OpenBSD project about a year ago in order for us to verify and and integrity of our releases and so this way when you download OpenBSD you can be assured that the OpenBSD you're installing is the OpenBSD that we built back in Canada uh so uh the so we had some alternatives

00:38

and I would suggest that people use and OpenBSD in the beginning had been using SHA256 checksums for all the downloads but that's not the checksums themselves were not signed however so anybody who could maliciously interfere with the download it would be able also maliciously creating new checksums although the checksums did were useful for detecting accidental damage like if you the file was mangled in transit somehow and so I think 1 of the ideas that people kind of floating around with use HTTPS and I think you know we know see really seriously consider this as and but we have been using FTP and we're moving to HTTP and so what people say is HTTP is insecure you should use the secure version of HTTP and now the problem with this is 1st of all like I mentioned we wanted end-to-end security so what gets built in Calgary or wherever the build machine is we want to make sure that that artifact is the same artifact that ends up on your computer and using HTTPS only ensures that whatever the mirror sent to you is that what the mirror intended to send you the alleles with the will of and i've of now you can him at the side and so 7 the varied Todmorden after you got a real part and the importance of so you know and also a lot of our mirrors are run by friendly people but they're not necessarily run by the project and and so we can't necessarily tell 1 you know you must use HTTPS and you find that itself on and 2nd it puts all the mirrors inside this giant circle of trust where now the attack surface to compromise OpenBSD is basically any you know is is all the mirrors and so that's just too much for us to guarantee of and 3rd I personally really disappointed with the certificate authority CA model and so is not necessarily required to use HTTPS but I think most people miss set always HTTPS makers security you're implicitly buying into the CA model and give you the project would prefer not to delegate final authority over what constitutes authentic OpenBSD to like 100 random people scattered around the world that we've never met and so and I a stand why even bother with last of the through discussion what sort of ideas but it takes more code for a TLS client to negotiate hello and the key exchange than all of signify so and I mean for us and and people joke that we still use floppies for the installer but signify had to fit on a 1.44 megabyte floppy and that's not so much a matter of like it really needs to fit on a floppy but the floppy is a good way for us to measure how bloated the system is becoming and so if you can't fit on a floppy then maybe is too bloated answer now the only real viable thing is PGP or probably GPG from open source of I hear other operating systems use GPG repeatedly and a my concerns best were complexity quality and complexity of the cell so there there was the PGP usability study done some number of years ago and about this the privilege of technical people experienced computer users in a room with computer go the set of PGP and 2 hours later none of them were seen or heard from again so now in most cases that as cool the node the end users never really and actually interact with signify but nevertheless and wanted to make sure that if anybody wanted to peek under the hood you'd be able to like reconstruct the complete workflow from signing from key generation deciding to verification on your own reading a man page that fits on 2 computers you know without going to crazy so there and also we wanted to ensure that all the code involved in signing met the OpenBSD project's quality standards and without digressing too much about code quality of external code others say that it is easier to have control over quality when it's in your tree and you only versus importing code written by other people now the complexity of the code is also a major factor here as such as a Matthew Green is a professor of cryptography you asked his own who built the GnuPG 2.1.1 W and give me a hand on which libgpg-error you used and so this is a question which I did not feel I myself could answer I don't know which libgpg-error it comes from and this comes back where even if a perfect PGP codebase exists we have no way of verifying that this code is actually a perfect because there's just so much of it and so the answer for us was to start from scratch

06:58

what you would therefore on so the uh only for missing scientists inside here so that was a long time to have a bunch of decisions to make 1st out but we can by thinking ahead about how we use this tool and knowing that I was going to end of implementing it on I can't look ahead and so did you know 4 choices are like a b c a d whichever those I picked I know I'm definitely take E all of the above and so signify has very few features and wherever like another tool might offer you a choice signify only offers 1 option and so among the 1st things 1st we need to decide is needed pick a crypto algorithms and for signify we're using Ed25519 signatures which so Ed25519 is the Edwards twist variant of the Curve25519 curve developed by Bernstein djb and there are bases so Curve25519 is used for Diffie-Hellman key exchange but you can't use it for signatures so for signatures you need to do something occur and the size of the and know that djb will talk a little more about this but basically the code for Ed25519 had a couple months earlier been imported into SSH which actually this very simple vetting process from a set of looking at all the signature algorithms that out there I looked at the newest 1 that had been most recently imported into SSH vetted that it was going to be viable for implementation and 1 that so I kind built on choices other people and made and so it might look at like you know this 12 or more curves out the popular used but by this kind of all people whatever the newest thing in SSH is will soon that that's the best and so will use that and then the next comes out of the plumbing and what metadata to include in keys and signatures of what they did not what metadata not to include and of the interface so we design things and we need to verify things and how many command-line options and that really so that will be there for the to the files again the will of a few notes on the signature scheme so 1 of the rise which kind of solely on the Ed25519 is it's a deterministic interesting and so most variations of DSA or ECDSA require random and that has failed spectacularly a number of cases where people need a 256 bit random number and if you actually only have a 255 bit random number of your signatures and thing and it's easy to recover the key on or you repeat the nonce because you're not quite sure what you're doing and PlayStation 3 anybody so the so instead what Ed25519 does is it hashes the message and uses that as the nonce so if you sign the same message over and over its generating exactly the same signature and if you sign a different message going to use the diff it's guaranteed to use a different nonce for different messages so this way there's no repetition and there's no way to get the key back so those 3 so kind of you know and also djb designed the curve of the parameters such that the implementation it's easy to make a a fast efficient and secure implementation and so basically you take everything that we've learned about our digital signatures in the last 20 years and look at all things where if you like a giant checklist of like these are the 10 things that you must not screw up Ed25519 this makes them impossible to screw up to preselect I know the only complaint that 1 might have is the security margin is like estimated 128 that's on 0 0 0 that's not good enough for like 50 years or whatever you know so yes it's on the small side compared to some other curves although we're talking about like heat death of this universe versus heat death of all the universes is this so I I don't think it really did that's probably good enough and now even if you are like super super paranoid about this the good news is with signify you don't even need to last that long I wanted to our purification schedule the basically signify keys are only a renewed for 1 year and even if you were to somehow come up with a scheme to break Ed25519 5 years from now being able to forge signatures for like OpenBSD 5.7 current release not going to do much to know what is going to be installing but 5.7 in 5 years and so that this is kind of like that is if you are OK so all of for that but it is actually the keys themselves never expire but we simply stop using them at the end of the basically the so this is unlike breaking encryption key where I could go back and read 20 year old secrets which in theory could be valuable but signatures generally don't pretty good way reason signatures they don't need the hold up nearly as long and so it's OK if people start breaking and as time goes on but is not to say that I think signatures will be brought up which is kind of if we need to change if we need to move on we can move on but it will there'll be no longer term lasting damage that finally complicite so what is the sort of like you look like it looks like that maybe and secure code of the the guts of a T I can take a picture of it in light some in the picture of you take picture of your and so you know and now when I think about these keys they're pretty small we can show that in your code and so this way if you don't trust that the signify key on the website and is valid or if you don't trust that the key posted on Twitter is valid or if you don't trust that the key printed on the top of the CD that you got in the mail that contradicted I don't trust that you know it was come to the OpenBSD conference to take a picture of him and I really has the key assuming you trust your camera's image sensor from where it was and so it is so yes I mean I I have not verified this cable I you know connected to the projector here is that that secure so actually

14:56

the like a real file here so this is actually the entire contents of the signify openbsd-57-base.pub so we have a little file name organization system so that it says openbsd that's like where we can do like vendor version and then things so this base key there's a firmware key and a package key and draw from OpenBSD and and this is the 5.7 release now so there's 2 lines and the 1st lines kind of we call it untrusted comment and then it tells you what it is but then it also tells you not to trust so to be the comment is there because in case you lose the file name or I could get stuck on of and on DOS file systems they have like OPENBS~1.PUB something you know you don't know what it is oh got this is the key provides evidence but I think if you if like history of cryptographic schemes in addition to implementation there's lot of human error where the and in some and the the person but the end user has to verify open and I felt that that was always going to be 1 of the weakest links and so on and if you wanted to work what people in a high trick people into believing something generally if I give you some random file name like you know this is a legitimate Anakin believe but if I say here the key what it says OpenBSD on the internet you're going read them you're all will jet and so people are much more trusting of what they read and then go and see for themselves and what other people tell them and so I kind want to give you a hint here that just as a key says it came from OpenBSD doesn't mean that it did come from OpenBSD and then there's uh the next line so the next line of the file is always going to start with a capital R capital W alone because the if you decoders basically for the decoder to decode that the 1st 2 bytes of the decoded text are a capital E lowercase d is the 1 which is always limited to me that this is an Ed25519 key just considering the changes of the algorithm is embedded in a key then come at random bytes of data which are used to detect accidental key signature mismatches so if you try to verify signature at the wrong key normally you just an error saying verification failed but that might alarm you unnecessarily if you use the wrong key by accident so instead of these random bytes which will just say hey there's a mismatch here and you need to go find a different key or different signature of and then the next of the 32 bytes of the actual key and then you will get that .sig file on the side of a signature is exactly the same format I'm except the signatures of 64 bytes long so that the base64 line carries on a while longer and so for reference

18:32

that's the previous the security officer key so from the picture of that and you have a zoom lens we can see is in that

18:44

the PGP key

18:47

I as I went through it and it is like I don't know you know and it's on it's on the website for previously but like how also distribute that's where I think that the small size of the signify keys lets us basically put them everywhere that makes it easy to distribute so you know that the Kremlin so actually have included example command line but to the at the of it it I was so now but also the initial debate but when I 1st got the tool was you know kind of like whether which positional arguments and and so a lot of other tools in Unix like cp and mv have positional arguments where the destination the source and destination in and then you have some attractions signify does not take any positional arguments all arguments are specified with flags -m for the message -x for the signature -p for the public key -s for the secret key and so I value explicit verbosity over implicit mistakes so you know for the most part signify is embedded in the shell scripts in or profits and contextual so and so you never people knew archiving Eastman out once a twice and so unique to get it right but then when you go back and read it if you haven't looked at the man page for while you wanna make sure see like which is a secret key which is the public key which is message and you don't have to guess based on the position because you can try to come up with like system had 0 well clearly signing the message with the keys to the message from this 1st then someone else is going to think you can use the key to sign the message to the key comes 1st and like I can use ln without reading a man page every single time and there is like yes and that somebody explained that I still not a backwards in my head and feel that could come from the so I mean basically you know this is this kind of foolproof things like OK it's OK to form more seconds of typing but I I can do I can guarantee you will make a mistake but I can guarantee that if you are looking at the command line you will be able to verify and understand what all the arguments on the and so I wanted to mention artifacts so I

21:42

mentioned so generally crypto speak we talk about messages signed messages but that's a little vague for us this because I mean you might have a message to the right so I mean like random e-mails that I sent to the mailing list are not signed and they're not artifacts and so what we're using signify to sign verify artifacts so this is the releases the packages and patches basically things that go on to a what FTP mirrors and are now HTTP mirrors but it does exclude the website that they end up the sky can talk slides and everything else so basically what we are at the current time only signing like OpenBSD were not signing all the stuff around because they're all currently they signing is somewhat involved in involves like you're going up and down a flight of stairs and into the the secret ball room and so forth and so on you know I can do that like every time somebody like updates the web page you know and so forth so on the the the sum of the moral is like you you know the if it if if you consider like the thing that you're downloading to be OpenBSD you should make sure that signed and you reading about OpenBSD uh don't believe in this half of the audience so what we

23:24

actually using signify for the 1st store installed of OpenBSD recently notice the installer it when it downloads and installs that's that's now been split into 2 phases where it downloads all sets then it verifies them and then installs that users kind of stream FTP data into tar but you don't do that if you're not sure what you're streaming so the installer verifies result pretty transparent it all complain if the signatures are invalid but otherwise it's it's always going to verify that the public key is embedded in the installer and the bsd.rd ramdisk kernel file system and so the installer basically it itself contain it has everything you need to know what were actually signing is the SHA256 checksum file that is those previously but what I mentioned earlier that we using and what we so rather than signing like the giant base56.tgz file we're signing just the checksum file so as a lot smaller and lexical that corporate verify and then also simplifies things in our signing and where we don't it but basically this establishes a chain of trust where if the signature on the checksum file matches then you know that the checksum file came from and if the tar set has the same checksum as in the checksum file then you know that the checksum er that follows also same father we check some of the stuff from last year and the only component that you need to been manually verified is the installer itself musical was doing is basically like the bsd.rd kernel if you're gonna do not great enough food or the CD ISO so you still have to run signify by hand to verify that I'm not thrilled about this because I think once you have a installed should be of this kind operated transparently without ever encountering this again but of and missing a little piece of code somewhere based on the close the loop so if you package on so package verifies packages and when you do a package addressed you know you're it will replace all of your packages with new signers and so it package that is capable of operating and it's basically the the problem as a running over the years the system doesn't know how to fetch the components that needs to upgrade so that the analyst but so that the hard part so I guess this is where you have runs out of a hand so charity that simple so you download some files and there is a recipe in demand just like the 1 example this 1 certified damage the of the and then verifies that your bsd.rd is for the next release and you can bring in a package as pkg_add again is the way packages work the page's were working throw somewhat system is a SHA256 file in the package is implicit checksums of all files in the package and we sign that on the so this leverage the existing package integrity mechanisms name and the 1 difference is that packages the signature is in inside the package and there's no way actually believed to manually verify package without trying to install them if you download a package of the firefox.tgz but there's no firefox.tgz.sig file and nor is there a signed list of all the checksums of all the packages injuries were not doing that is the packages directory has way too much data and it takes basically a full day to rsync to a mirror and so if you were trying to install package you have explicit check spy on average half of those checksums would not match the packages on the mirror because they hadn't been rsynced yet so instead the signatures are only entirely self-contained packages that allows each file to be ah individually the base releases a lot smaller and so you can extend that couple yes but with all of the best where they are I mean yeah I can think of yeah it does balance point is that it's the judges transparent about this is possible and we we want to work on time without too much intervention and so OK so

28:53

now this is a key rotation so this is where we expired keys if you well there is 1 of your you yes yes the description file and other stuff I have checksums sums as well and so there that's in the checksum and then the checksum is signed that there was a bug where the description was not being verified for a little short while but I think it's fixed you right have excellent yes no and so if you were me here as well OK so the version number of the package is going to be included in the signature in implicitly it eventually gets and so basically if firefox p2 goes to the mirror replaces firefox p1 of and you upgrade the p2 you cannot be downgraded to p1 and because actual from that too is not you know you're going to 1 going backwards now a mirror can refuse to download the new signature over the new package so it might deliberately keep outdated packages on the mirror and then you'll never operated by the package tools although Downloade quirks file them and so the quirks file is this magic special package which describes all of the ways that other packages are not normal and so so the abnormalities in other packages arise quite frequently and so the quirks package is updated on a pretty regular basis and so the package tools now check to see that the quirks package that it fetches is not too far out of date and so there's still some window there but if you get a quirks file from a year ago the package tools a complain that your mirror is most likely out of date not so there quirks is 1 package and so it doesn't have to match the particular packager operator it's all pkg_add is always going to check the quirks package 1st and so basically that is serves as the timestamp of the mirror and so it's not yes and no if the yes if this is not in there then I think yeah it probably will update the size fits additive I mean literally so if you do that many of these I mean at some point like I did is unplug your Internet cable and then you can upgrade so I think it's really read the you all get a lot this is mentioned we don't build new packages for releases anyway and so on and so this is really only matters for snapshots and that yet but the point is known as OK now I now I know that it had a then the the point that the light that we invent like the costing was easy to do and that's why I did it but I think in a real sentiment something about like what if it's old like that it it is hard to know about things that you don't know that that's something that's difficult but all of you text so so the security of so there's 1 key per release and so everything with thought everything related to 5.6 is signed with the 5.6 key everything related to 5.7 is signed with the 5.7 key and then as basically this implicitly expires keys after 1 year where once 5 of the 5.5 is dead so you should hopefully never see anything ever signed with the 5.5 key again and so this kind of set in and on the 1 hand it's kind of so the compromise problem where 1 of the 5.5 key had been compromised at some point but now it's useless and so 0 well whatever you know half of that but I so how do we get the new keys out there and so after each release keys for their release after the next 1 agenda so that's plus 2 so what the example so after 5.6 was released a new keys for 5.8 were generated and that way the 5.8 keys then were included in the 5.7 release success in and the basically the upgrade over every release that the current release you're running will have the keys for the next release so when you go to upgrade you can download the next release and verify with the key that's already on your system and and the keys and are not signed directly but there is an implicit chain here where the key for the next release is included in the release and that releases signed so that if you some of you know I think we started with this 5.5 flights of signify 5 you got 5.5 it had the 5.6 key if you then you could then use that 5.6 key to install 5.6 which had the 5.7 key which you could then use to download and verify 5.7 which gets the 5.8 key this fall you'll be able to download and verifying 5.8 using that key and so the sum the exposure and that you know we looked a couple ways of doing this and I think some people or fans of key revocation of don't think revocation has ever really worked in practice and so on and basically trying to revoke a key is like harder than much harder than creating it up and and generates a lot of failure modes and about related issues then had expired revocations or you don't get the rotation you know analysis and basically the worst case scenario is compromised we say sorry but be careful I guess I'm and then 6 months later this new release of OpenBSD with new key and we can just forget about all that kind of thing a so I but because the the 1 I think this also you know like mentioned if we ever decide that the Ed25519 algorithm is not the algorithm for us we already have a now like tried and tested kind of method for rolling out a new algorithm on can switch to like some of the 400 the keys forwarded it curves that's really necessary this kind of thing that could signify that we will therefore that could trickle out and then automatically you keys will get generated with the new algorithm can so what is of this next he's already in the next release of this newly

37:54

so no key infrastructure but none of them so the there are no key servers there is no web of trust that I did not have a personal signify key which I will use to sign the OpenBSD key and 10 so that you know right so how do you start at the top of kind of uh to connect the edges so you have a public key which might consider an egg and you can use that to get OpenBSD which is the chicken and then OpenBSD the chicken has the key for the next release of the egg so the egg is your chain chicken and egg and now so if you have either of those girls that but what if you are near the waters from today and you can reasonably assume for neurotic manner on a trial Mr. yeah and how do people who have never installed OpenBSD before the start of the so that's why the keys are small and dispersed so the key right there we put them on the mentioned the CD label you put them on the website you can e-mail me and I'll send you an unsigned unencrypted e-mail back with a treaty that could be but I mean intelligent and at some point you this is kind of there's only so many ways of of for an adversary to get in between you and the keys and the more places we put the key 1 of the more likely it is that you will be able to find a method that has not been interfered with and it increases the risk that you will detect any malfeasance but you shouldn't try privacy and so that is not mean that you should necessarily trust any random key you find on Twitter and but the key on Twitter which is delivered over HTTPS and all so there you like HTTPS you can you trust that and you know you know that this will answer if you have the mean I will will personally show you the key on my laptop if you really really need to see it and you know again and that's kind of the best we can do there is no authority that that's going to give us a real or you will use what is the sees role maturing the you're welcome to put the key on your website and you know become 1 of these people who are on and you're welcome to run you know a service that downloads the key from 20 places that verifies that is there anybody out like I We do not necessarily want to be doing ourselves and I think that's certainly a key verification effort that this community driven would be what 1 thing I basically I I think that you know like image what would you get of museums solved once a year European much set and services rely on a 1st time this year on year then you need to buy a CD in a real way the pros and cons of whether summaries and what was your mail and you know the chances of getting away with that 1 and then you know you have by the sea and tree with his i thank you OK so

42:08

conclusions questions and so I think I want to answer the question which I thought when the 1st element top was going to be you know quite don't we do this before and as in a star at that and say 0 the answer be obviously coming to the end of the talk I try not obvious because that was the focus on what signify does and not so much all the pain we went through our deployment in 1st as a 3 months of by the early releases like reading quite have the q occasion figured out and we need know which keys were really know like which machine is to generated keys and signed sets and so that required a whole bunch of work on the axon and where he had a kind of rewiring network to create a new kind of like diode signing machine which can sign things but otherwise is able to talk about the outside world of earning more specifically the outside world is not able to talk to it and on and so on that's or hardware security modules of so cycle 1 you delta 1 way Ethernet cable is this 1 but I would say that the model like frustration getting done with that in mind I wanna focus too much on it because I think as an end user in the prior this point don't care what happened a year ago you know where whenever it do this again and so can the lessons learned rotten 1 one-half but it was like all manner with the arrows on a finite couple days is very fast and like well we're done and then the 3 months later likewise is that verifying is really site with the wrong key like we had it to their leaders and astronomy had and the very 1st version of the key to not have that will pretty comment telling you what and what within them and just 32 bytes of the base64 data and that just the key and so you can sign anything with anything and then to try to verify and then we got all sorts of mismatches because we had way too many keys running around and and and it uses that kind of all solve itself where are the ones we had a process in place then we don't have too many keys running around but uh and so if you're working on something like this and this and this can take it slow and thing about the processing about you know the next steps as you go and so I think that when the lessons that refinement and so as the presence of a new state of the tools that people love to bring this up our official position is more like snake oil than anything so we have no plans to embed signature verification in the kernel for executables slowly and not the other then I guess as I said this is because you have to have something to do with the will of the previous OK and so we can use a kind of I would like to find source it's got all of the the code in it and we expect it so that it verifies only which reduces the code size because essentially and the signing requires like a whole bunch of curve operations verification is very simple and so you can fit it's only about like 9K static or something which would easily fit in a kernel so now guess so I mean anything you need is well we we need the base64 code but you don't need that like literally it is the sign function of verifying action about